Warning: Permanently added '10.128.0.116' (ED25519) to the list of known hosts. 2026/03/11 21:22:09 parsed 1 programs [ 82.233185][ T5828] cgroup: Unknown subsys name 'net' [ 82.344356][ T5828] cgroup: Unknown subsys name 'cpuset' [ 82.354750][ T5828] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.763092][ T5828] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 86.888860][ T5848] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 87.228544][ T756] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.243306][ T756] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.284378][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.293819][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.583444][ T5882] chnl_net:caif_netlink_parms(): no params data found [ 88.674651][ T5882] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.683157][ T5882] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.691169][ T5882] bridge_slave_0: entered allmulticast mode [ 88.700482][ T5882] bridge_slave_0: entered promiscuous mode [ 88.712483][ T5882] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.720052][ T5882] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.727565][ T5882] bridge_slave_1: entered allmulticast mode [ 88.735342][ T5882] bridge_slave_1: entered promiscuous mode [ 88.792389][ T5882] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.807084][ T5882] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.853556][ T5882] team0: Port device team_slave_0 added [ 88.863230][ T5882] team0: Port device team_slave_1 added [ 88.889889][ T5882] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.897114][ T5882] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.923748][ T5882] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.937847][ T5882] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.945252][ T5882] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.972911][ T5882] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.025204][ T5882] hsr_slave_0: entered promiscuous mode [ 89.032476][ T5882] hsr_slave_1: entered promiscuous mode [ 89.185776][ T5882] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.198488][ T5882] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.211614][ T5882] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.222304][ T5882] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.261764][ T5882] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.270012][ T5882] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.280286][ T5882] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.287544][ T5882] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.327294][ T756] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.337212][ T756] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.378869][ T5882] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.403242][ T5882] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.418162][ T756] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.425625][ T756] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.445380][ T756] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.452600][ T756] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.637831][ T5882] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.698753][ T5882] veth0_vlan: entered promiscuous mode [ 89.716394][ T5882] veth1_vlan: entered promiscuous mode [ 89.753724][ T5882] veth0_macvtap: entered promiscuous mode [ 89.764443][ T5882] veth1_macvtap: entered promiscuous mode [ 89.793284][ T5882] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.810062][ T5882] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.828638][ T756] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.840142][ T756] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.853330][ T756] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.862801][ T756] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.028112][ T756] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.103379][ T756] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.169911][ T756] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.271856][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.273607][ T756] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.283020][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.300815][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.310228][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 90.318167][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 2026/03/11 21:22:21 executed programs: 0 [ 91.625971][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 91.637216][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 91.647887][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 91.657098][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 91.666881][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 91.817664][ T5937] chnl_net:caif_netlink_parms(): no params data found [ 91.897023][ T5937] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.907039][ T5937] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.914561][ T5937] bridge_slave_0: entered allmulticast mode [ 91.922725][ T5937] bridge_slave_0: entered promiscuous mode [ 91.932486][ T5937] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.939917][ T5937] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.947841][ T5937] bridge_slave_1: entered allmulticast mode [ 91.956223][ T5937] bridge_slave_1: entered promiscuous mode [ 91.990100][ T5937] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.003771][ T5937] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.036835][ T5937] team0: Port device team_slave_0 added [ 92.049096][ T5937] team0: Port device team_slave_1 added [ 92.062590][ T29] cfg80211: failed to load regulatory.db [ 92.091445][ T5937] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.102135][ T5937] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.131229][ T5937] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.144282][ T5937] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.151971][ T5937] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.179033][ T5937] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.222600][ T5937] hsr_slave_0: entered promiscuous mode [ 92.229831][ T5937] hsr_slave_1: entered promiscuous mode [ 92.236480][ T5937] debugfs: 'hsr0' already exists in 'hsr' [ 92.242484][ T5937] Cannot create hsr debugfs directory [ 92.514893][ T756] bridge_slave_1: left allmulticast mode [ 92.521690][ T756] bridge_slave_1: left promiscuous mode [ 92.529637][ T756] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.542975][ T756] bridge_slave_0: left allmulticast mode [ 92.549055][ T756] bridge_slave_0: left promiscuous mode [ 92.555674][ T756] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.694221][ T756] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 92.706361][ T756] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 92.716408][ T756] bond0 (unregistering): Released all slaves [ 92.818863][ T756] hsr_slave_0: left promiscuous mode [ 92.825585][ T756] hsr_slave_1: left promiscuous mode [ 92.833233][ T756] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 92.843214][ T756] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 92.854068][ T756] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 92.863767][ T756] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 92.883297][ T756] veth1_macvtap: left promiscuous mode [ 92.889895][ T756] veth0_macvtap: left promiscuous mode [ 92.895784][ T756] veth1_vlan: left promiscuous mode [ 92.901827][ T756] veth0_vlan: left promiscuous mode [ 93.236592][ T756] team0 (unregistering): Port device team_slave_1 removed [ 93.265565][ T756] team0 (unregistering): Port device team_slave_0 removed [ 93.696195][ T5937] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 93.720433][ T51] Bluetooth: hci0: command tx timeout [ 93.721060][ T5937] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 93.743813][ T5937] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 93.757943][ T5937] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.251759][ T5937] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.283952][ T5937] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.301102][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.308923][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.346617][ T80] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.355004][ T80] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.535601][ T5937] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.584968][ T5937] veth0_vlan: entered promiscuous mode [ 94.600761][ T5937] veth1_vlan: entered promiscuous mode [ 94.637404][ T5937] veth0_macvtap: entered promiscuous mode [ 94.652720][ T5937] veth1_macvtap: entered promiscuous mode [ 94.677492][ T5937] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.694493][ T5937] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.712274][ T80] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.722003][ T80] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.735247][ T80] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.745047][ T80] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.813271][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.825880][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.857658][ T756] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.866072][ T756] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.910084][ T5983] [ 94.912452][ T5983] ====================================================== [ 94.919906][ T5983] WARNING: possible circular locking dependency detected [ 94.927379][ T5983] syzkaller #0 Not tainted [ 94.931881][ T5983] ------------------------------------------------------ [ 94.940897][ T5983] syz.0.17/5983 is trying to acquire lock: [ 94.947075][ T5983] ffff88802d491000 (&mm->mmap_lock){++++}-{4:4}, at: __might_fault+0xaf/0x130 [ 94.956119][ T5983] [ 94.956119][ T5983] but task is already holding lock: [ 94.964071][ T5983] ffff888033e14cf8 (&ctx->map_changing_lock){.+.+}-{4:4}, at: mfill_get_vma+0x162/0x660 [ 94.974333][ T5983] [ 94.974333][ T5983] which lock already depends on the new lock. [ 94.974333][ T5983] [ 94.985795][ T5983] [ 94.985795][ T5983] the existing dependency chain (in reverse order) is: [ 94.994899][ T5983] [ 94.994899][ T5983] -> #2 (&ctx->map_changing_lock){.+.+}-{4:4}: [ 95.004775][ T5983] down_read+0x47/0x2e0 [ 95.010566][ T5983] mfill_get_vma+0x162/0x660 [ 95.016500][ T5983] mfill_atomic_copy+0x1c5/0x1330 [ 95.022707][ T5983] userfaultfd_ioctl+0x2b8a/0x4b00 [ 95.029220][ T5983] __se_sys_ioctl+0xfc/0x170 [ 95.035393][ T5983] do_syscall_64+0x14d/0xf80 [ 95.041229][ T5983] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.048624][ T5983] [ 95.048624][ T5983] -> #1 (vm_lock){++++}-{0:0}: [ 95.057036][ T5983] __vma_start_exclude_readers+0x28a/0x940 [ 95.063734][ T5983] __vma_start_write+0xdc/0x290 [ 95.070306][ T5983] mprotect_fixup+0x5ee/0xa80 [ 95.078647][ T5983] setup_arg_pages+0x565/0xac0 [ 95.086471][ T5983] load_elf_binary+0xc5e/0x2980 [ 95.095269][ T5983] bprm_execve+0x949/0x1470 [ 95.101099][ T5983] kernel_execve+0x844/0x930 [ 95.106535][ T5983] try_to_run_init_process+0x13/0x60 [ 95.112740][ T5983] kernel_init+0xad/0x1d0 [ 95.119306][ T5983] ret_from_fork+0x51e/0xb90 [ 95.124862][ T5983] ret_from_fork_asm+0x1a/0x30 [ 95.131413][ T5983] [ 95.131413][ T5983] -> #0 (&mm->mmap_lock){++++}-{4:4}: [ 95.140347][ T5983] __lock_acquire+0x15a5/0x2cf0 [ 95.146483][ T5983] lock_acquire+0xf0/0x2e0 [ 95.153878][ T5983] __might_fault+0xcb/0x130 [ 95.159264][ T5983] userfaultfd_ioctl+0x2bcd/0x4b00 [ 95.166035][ T5983] __se_sys_ioctl+0xfc/0x170 [ 95.171615][ T5983] do_syscall_64+0x14d/0xf80 [ 95.178584][ T5983] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.185622][ T5983] [ 95.185622][ T5983] other info that might help us debug this: [ 95.185622][ T5983] [ 95.198921][ T5983] Chain exists of: [ 95.198921][ T5983] &mm->mmap_lock --> vm_lock --> &ctx->map_changing_lock [ 95.198921][ T5983] [ 95.215844][ T5983] Possible unsafe locking scenario: [ 95.215844][ T5983] [ 95.225401][ T5983] CPU0 CPU1 [ 95.231837][ T5983] ---- ---- [ 95.238089][ T5983] rlock(&ctx->map_changing_lock); [ 95.243887][ T5983] lock(vm_lock); [ 95.250690][ T5983] lock(&ctx->map_changing_lock); [ 95.259150][ T5983] rlock(&mm->mmap_lock); [ 95.263926][ T5983] [ 95.263926][ T5983] *** DEADLOCK *** [ 95.263926][ T5983] [ 95.272372][ T5983] 2 locks held by syz.0.17/5983: [ 95.277495][ T5983] #0: ffff88802a87aa88 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x1d1/0x500 [ 95.287268][ T5983] #1: ffff888033e14cf8 (&ctx->map_changing_lock){.+.+}-{4:4}, at: mfill_get_vma+0x162/0x660 [ 95.297970][ T5983] [ 95.297970][ T5983] stack backtrace: [ 95.304136][ T5983] CPU: 1 UID: 0 PID: 5983 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) [ 95.304152][ T5983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 95.304165][ T5983] Call Trace: [ 95.304173][ T5983] [ 95.304179][ T5983] dump_stack_lvl+0xe8/0x150 [ 95.304198][ T5983] print_circular_bug+0x2e1/0x300 [ 95.304213][ T5983] check_noncircular+0x12e/0x150 [ 95.304227][ T5983] __lock_acquire+0x15a5/0x2cf0 [ 95.304246][ T5983] ? __kernel_text_address+0xd/0x30 [ 95.304262][ T5983] ? arch_stack_walk+0xfb/0x150 [ 95.304275][ T5983] lock_acquire+0xf0/0x2e0 [ 95.304291][ T5983] ? __might_fault+0xaf/0x130 [ 95.304308][ T5983] ? __might_fault+0xaf/0x130 [ 95.304323][ T5983] __might_fault+0xcb/0x130 [ 95.304337][ T5983] ? __might_fault+0xaf/0x130 [ 95.304353][ T5983] userfaultfd_ioctl+0x2bcd/0x4b00 [ 95.304369][ T5983] ? __kasan_slab_free+0x5c/0x80 [ 95.304386][ T5983] ? kfree+0x1c5/0x640 [ 95.304405][ T5983] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 95.304428][ T5983] ? kasan_quarantine_put+0xbb/0x1f0 [ 95.304446][ T5983] ? tomoyo_path_number_perm+0x219/0x630 [ 95.304460][ T5983] ? tomoyo_path_number_perm+0x219/0x630 [ 95.304474][ T5983] ? do_vfs_ioctl+0x1166/0x1530 [ 95.304487][ T5983] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 95.304501][ T5983] ? do_futex+0x395/0x420 [ 95.304522][ T5983] ? __se_sys_futex+0x3a8/0x450 [ 95.304545][ T5983] ? __pfx___se_sys_futex+0x10/0x10 [ 95.304562][ T5983] ? bpf_lsm_file_ioctl+0x9/0x20 [ 95.304574][ T5983] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 95.304589][ T5983] __se_sys_ioctl+0xfc/0x170 [ 95.304600][ T5983] do_syscall_64+0x14d/0xf80 [ 95.304616][ T5983] ? trace_irq_disable+0x3b/0x150 [ 95.304630][ T5983] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.304642][ T5983] ? clear_bhb_loop+0x40/0x90 [ 95.304655][ T5983] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.304667][ T5983] RIP: 0033:0x7f73bad9c799 [ 95.304684][ T5983] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 95.304693][ T5983] RSP: 002b:00007ffc9923f378 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 95.304707][ T5983] RAX: ffffffffffffffda RBX: 00007f73bb015fa0 RCX: 00007f73bad9c799 [ 95.304715][ T5983] RDX: 0000200000000080 RSI: 00000000c028aa03 RDI: 0000000000000003 [ 95.304723][ T5983] RBP: 00007f73bae32c99 R08: 0000000000000000 R09: 0000000000000000 [ 95.304731][ T5983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 95.304738][ T5983] R13: 00007f73bb015fac R14: 00007f73bb015fa0 R15: 00007f73bb015fa0 [ 95.304751][ T5983] [ 95.799542][ T51] Bluetooth: hci0: command tx timeout [ 97.889490][ T51] Bluetooth: hci0: command tx timeout [ 99.959813][ T51] Bluetooth: hci0: command tx timeout